I think your playing with fire allowing users to be added
from a cgi script. That is a security incident waiting to
happen. A person can add a user then through privledge
escalation become root on your machine, install rootkits,
etc. Or the person can grabn the cgi source monkey with the
tags and add a user with privledge. Sorry for being a party
pooper, but it seems like a poor idea.
Regards,
Jim
---- Original message ----
>Date: Wed, 28 Jul 2004 17:03:40 -0700 (PDT)
>From: "Erickson N. Jacob" <ericj at edigitalweb.com>
>Subject: [sudo-users] adduser via web (cgi script)
>To: sudo-users at sudo.ws>>>hi all
>>i have a cgi scipt to add user accounts via web
>>system ("/usr/bin/sudo /usr/sbin/useradd", $user);
>>my problem is that it wont create the user. i have already
added the user
>nobody in the /etc/sudoers file to permit nobody to execute
the useradd
>command
>>any advice on this
>>>thanks
>>>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users